[Fedora-directory-commits] adminserver/admserv/newinst/src Makefile, 1.9, 1.10 ux-config.cc, 1.9, 1.10 ux-remove.cc, 1.5, 1.6 ux-update.cc, 1.21, 1.22

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Fri May 12 00:41:38 UTC 2006


Author: nhosoi

Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20170/admserv/newinst/src

Modified Files:
	Makefile ux-config.cc ux-remove.cc ux-update.cc 
Log Message:
[161099] admin passwd in clear text in adm.conf
1) ns-update (ux-update.cc) stops storing admin password (siepid) in adm.conf.
   And by calling psetCreate, it generates the local cache file local.conf in
   the post install phase.
2) ns-update links with adminutil and its dependent components.
   ns-update has RPATH pointing the components' location.
3) got rid of the code retrieving the admin password from adm.conf in
   ns-config (ux-config.cc) and ns-remove (ux-remove.cc).  Both have the info
   input by the user.
4) CGI debug (download.c)



Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/Makefile,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- Makefile	21 Mar 2006 18:34:05 -0000	1.9
+++ Makefile	12 May 2006 00:41:35 -0000	1.10
@@ -65,6 +65,17 @@
 CFLAGS += -DNO_DOMAINNAME
 endif
 
+ifeq ($(ARCH), SOLARIS)
+  RPATHFLAG_PREFIX=-R
+endif
+ifeq ($(ARCH), HPUX)
+  RPATHFLAG_PREFIX=-Wl,+s,+b,
+endif
+ifeq ($(ARCH), Linux)
+  RPATHFLAG_PREFIX=-Wl,-rpath,
+endif
+RPATHFLAG=\$$ORIGIN:\$$ORIGIN/lib
+
 $(OBJDEST):
 	mkdir -p $(OBJDEST)
 
@@ -82,6 +93,7 @@
 LIBINST= $(SETUPUTIL_LIBPATH)/libinstall.a
 
 DEPLIBS= $(OSDEPLIBS)
+DEPLIBS2= $(DEPLIBS) $(ADMINUTILLINK) $(SECURITYLINK) $(LDAPLINK) $(ICULINK)
 
 ifeq ($(ARCH), HPUX)
    ifeq ($(NSOS_RELEASE),B.10.10)
@@ -132,12 +144,13 @@
 $(BINDEST)/ns-config: $(OBJDEST)/ux-config.o $(OBJS1) $(DEPLIBS) $(LIBINST)
 	$(CXX) $(MODULE_CFLAGS) -o $(BINDEST)/ns-config $(OBJDEST)/ux-config.o \
 		$(OBJS1) $(LIBINST) $(LIBLDAP) \
-                $(DEPLIBS) $(EXTRA_LIBS) $(CURSES) 
+		$(DEPLIBS) $(EXTRA_LIBS) $(CURSES) 
 
 $(BINDEST)/ns-update: $(OBJDEST)/ux-update.o $(OBJS2) $(DEPLIBS) $(LIBINST)
-	$(CXX) $(MODULE_CFLAGS) -o $(BINDEST)/ns-update $(OBJDEST)/ux-update.o \
+	$(CXX) $(MODULE_CFLAGS) $(RPATHFLAG_PREFIX)$(RPATHFLAG) \
+		-o $(BINDEST)/ns-update $(OBJDEST)/ux-update.o \
 		$(OBJS2) $(LIBINST) $(LIBLDAP) \
-	        $(DEPLIBS) $(EXTRA_LIBS) $(CURSES)
+		$(DEPLIBS2) $(EXTRA_LIBS) $(CURSES)
 
 $(BINDEST)/ns-remove: $(OBJDEST)/ux-remove.o $(DEPLIBS) $(LIBINST)
 	$(CXX) $(MODULE_CFLAGS) -o $(BINDEST)/ns-remove $(OBJDEST)/ux-remove.o \
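Review bot: The ns-update link line passes `$(RPATHFLAG_PREFIX)$(RPATHFLAG)`, but the prefix is assigned only for SOLARIS, HPUX and Linux in the first hunk, so on any other ARCH the compiler driver receives a bare `$ORIGIN:$ORIGIN/lib` word, which it would presumably treat as an input file. Setting the whole flag inside each `ifeq` block, e.g. `RPATHFLAG=-Wl,-rpath,\$$ORIGIN:\$$ORIGIN/lib` for Linux, and leaving it empty elsewhere avoids that. Because ns-update handles the admin password and now loads the adminutil, security, LDAP and ICU libraries from paths relative to its own location, I would also add a comment such as `# ns-update resolves shared libraries via $ORIGIN; its directory and lib/ must not be writable by unprivileged users`. The ns-update prerequisite list still names `$(DEPLIBS)` only, which may be intended if the new link variables are linker flags rather than files.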


Index: ux-config.cc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-config.cc,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- ux-config.cc	31 Mar 2006 22:58:20 -0000	1.9
+++ ux-config.cc	12 May 2006 00:41:35 -0000	1.10
@@ -283,8 +283,9 @@
    {
       NSString sieDN;
 
-      sieDN = admConf.get("sie");
-      siePwd = admConf.get("siepid");
+      /* Use admin id and admin pwd to access DS */
+      sieDN = _installInfo->get(MC_ADMIN_ID); 
+      siePwd = _installInfo->get(MC_ADMIN_PWD);
       siePort = admConf.get("port");
 
       if (sieDN != (char *) NULL && siePwd != (char *) NULL && ldapURL != NULL)
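Review bot: `sieDN` and `siePwd` now carry the administrator's id and password rather than the server instance entry's credentials, so the names and the `sieDN != (char *) NULL` test below no longer say what is being checked. Renaming the locals (for example `adminID` / `adminPwd`) or extending the comment to `/* sieDN/siePwd hold the admin id and password typed by the user; adm.conf no longer stores a password */` would keep later readers from assuming an SIE bind. Whether `MC_ADMIN_ID` is a full DN or a short user id is not visible here, so any code after this hunk that uses `sieDN` as an entry DN should be rechecked. The enclosing function starts and ends outside the hunk.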


Index: ux-remove.cc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-remove.cc,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ux-remove.cc	31 Mar 2006 22:58:20 -0000	1.5
+++ ux-remove.cc	12 May 2006 00:41:35 -0000	1.6
@@ -49,7 +49,6 @@
 int main(int argc, char *argv[])
 {
   NSString serverRoot;
-  NSString instanceDir;
   NSString admConfFile;
   NVPair *admConf;
   InstallInfo *uninstallInfo;
@@ -87,55 +86,40 @@
   {
      serverRoot = uninstallInfo->get(SERVER_ROOT);
 
-     instanceDir = serverRoot + "/" + "admin-serv";
-     snprintf(temp, sizeof(temp), "%s/admin-serv/config/adm.conf", serverRoot.data());
-     temp[sizeof(temp)-1] = 0;
-     admConf = new NVPair(temp);
-
-     if (admConf->isEmpty() == False)
-     {
-	     /*
-	      * PVO - should we get from adm.conf instead ? How about if
-	      * there's a mismatch
-	      */
-	     ldapURL = uninstallInfo->get(CONFIG_LDAP_URL);
-	     sieDN = admConf->get("sie");
-       siePwd = admConf->get("siepid");
-	     isieDN = admConf->get("isie");
+     ldapURL = uninstallInfo->get(CONFIG_LDAP_URL);
+     /* Use admin id and admin pwd to authenticate against DS */
+     sieDN = uninstallInfo->get(MC_ADMIN_ID);
+     siePwd = uninstallInfo->get(MC_ADMIN_PWD);
       
-	     if (ldapURL == NULL || sieDN == NULL || isieDN == NULL)
-	     {
-	       printf("[Admin] LDAP information not found\n");
-	       err = -1;
-	     }
-	     else
-	     {
-	       LdapError ldapError;
-	       Ldap ldap(ldapError, ldapURL, uninstallInfo->get(MC_ADMIN_ID),
-		               uninstallInfo->get(MC_ADMIN_PWD),
-		               sieDN, siePwd);
-
-	       if (ldapError != OKAY)
-	       {
-           /*  remove the message which causes confusion when DS is down
-	          sprintf(temp, "%ld", ldapError.errorCode());
-	          printf("[Admin] Ldap authentication failed (%s:%s)\n", temp, ldapError.msg()),
-           */
-		       err = -1;
-	       }
-	       else
-	       {
-	         ldapError = removeSIE(&ldap, sieDN, True);
-
-	         if (ldapError != OKAY)
-	         {
-           /*  remove the message which causes confusion when DS is down
-		         sprintf(temp, "%ld", ldapError.errorCode());
-		         printf("[Admin] Cannot remove Admin server instance (%s)\n", temp);
+     if (ldapURL == NULL || sieDN == NULL)
+     {
+       printf("[Admin] LDAP information not found\n");
+       err = -1;
+     }
+     else
+     {
+       LdapError ldapError;
+       Ldap ldap(ldapError, ldapURL, sieDN, siePwd, sieDN, siePwd);
+
+       if (ldapError != OKAY)
+       {
+         /* remove the message which causes confusion when DS is down
+            sprintf(temp, "%ld", ldapError.errorCode());
+            printf("[Admin] Ldap authentication failed (%s:%s)\n", temp, ldapError.msg()),
+          */
+         err = -1;
+       }
+       else
+       {
+         ldapError = removeSIE(&ldap, sieDN, True);
+         if (ldapError != OKAY)
+         {
+           /* remove the message which causes confusion when DS is down
+             sprintf(temp, "%ld", ldapError.errorCode());
+             printf("[Admin] Cannot remove Admin server instance (%s)\n", temp);
            */
-	         }
-	       }
-	     }
+         }
+       }
      }
    }
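Review bot: `removeSIE(&ldap, sieDN, True)` now receives the value of `MC_ADMIN_ID`, because `sieDN` is no longer read from the `sie` key of adm.conf; unless removeSIE resolves that id itself, the call appears to target the administrator's entry instead of the server instance entry. ns-update still writes the non-secret `sie` key, so the removal target could keep coming from `admConf->get("sie")` while the admin id and password are used only for the bind, held in separately named variables. `siePwd` is also passed to the `Ldap` constructor without a NULL check, whereas only `ldapURL` and `sieDN` are tested. `admConf` stays declared at the top of main but is no longer assigned in this hunk, so any later use or `delete` outside the visible lines would act on an uninitialised pointer. main's body continues beyond the hunk.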
 


Index: ux-update.cc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ux-update.cc	29 Mar 2006 02:19:52 -0000	1.21
+++ ux-update.cc	12 May 2006 00:41:35 -0000	1.22
@@ -35,6 +35,8 @@
 #include <errno.h>
 
 #include "ldap.h"
+#include "libadminutil/admutil.h"
+#include "libadminutil/psetc.h"
 
 #if defined(AIX)
 extern int seteuid(uid_t);
@@ -1145,21 +1147,22 @@
    LDAPURLDesc *ludpp = NULL;
    ldap_url_parse((char *) installInfo->get(CONFIG_LDAP_URL), &ludpp);
 
-/*
+/* 
 
    fprintf(f, "ldapHost: %s\n", ludpp->lud_host);
    fprintf(f, "ldapPort: %d\n", ludpp->lud_port);
    fprintf(f, "sie: %s\n", sieDN.data());
-   fprintf(f, "siepid: %s\n", httppw);
+   fprintf(f, "userdn: %s\n", ldap.rebindDN());
    fprintf(f, "isie: %s\n", isieDN.data());
    fprintf(f, "port: %d\n", port);
    fclose(f);
 
 */
+
    admConf.set("ldapHost",  ludpp->lud_host);
    admConf.set("ldapPort",  (unsigned long)ludpp->lud_port);
    admConf.set("sie", sieDN.data());
-   admConf.set("siepid", httppw);
+   admConf.set("userdn", ldap.rebindDN());
    admConf.set("isie", isieDN.data());
    admConf.set("port",  (unsigned long)port);
 
@@ -1325,6 +1328,15 @@
 
    sprintf(tstr, "%s/uninstall", sroot);
    chmod(tstr, 0750);
+
+   {
+      // Generating local.conf
+      int error_code = 0;
+      snprintf(tstr, sizeof(tstr), "%s/admin-serv/config", sroot);
+      PsetHndl pset = psetCreate("admin-serv", (char *)tstr,
+                                 (char *)ldap.rebindDN(), httppw,
+                                 &error_code);
+   }
 }
 
 
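Review bot: The new block ignores both results of `psetCreate`: `error_code` is never examined and `pset` is never used or released, so a failure to generate local.conf passes silently and the handle is leaked until the process exits. Checking the outcome and releasing the handle, e.g. `if (pset == NULL) { /* report error_code */ } else psetDestroy(pset);`, would make the post-install step verifiable. Since `httppw` is handed to the call that creates the cache file, a comment should state what psetCreate stores in local.conf and which file mode it ends up with; neither is visible in this hunk. The preceding context line still uses an unbounded `sprintf` into `tstr`, while the added line already uses `snprintf`.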



